[CentOS] Help with httpd userdir recovery
Robert Moskowitz
rgm at htt-consult.com
Wed Dec 28 03:16:40 UTC 2016
On 12/27/2016 08:20 PM, John Fawcett wrote:
> On 12/28/2016 01:43 AM, John Fawcett wrote:
>> On 12/28/2016 01:12 AM, Robert Moskowitz wrote:
>>> On 12/27/2016 07:06 PM, John Fawcett wrote:
>>>> On 12/28/2016 12:34 AM, Robert Moskowitz wrote:
>>>>> On 12/27/2016 05:44 PM, John Fawcett wrote:
>>>>>> That error should be caused by having MultiViews options but incorrect
>>>>>> permissions (711 instead of 755) on the directory.
>>>>> I just did chmod -R 755 /home/rgm/public_html and no change in
>>>>> behavior.
>>>>>
>>>>> Even tried chmod -R 755 /home/rgm
>>>> Are you actually using MultiViews? If you don't need that option, maybe
>>>> the easiest thing is to take it out and see if the error message
>>>> changes.
>>> I am using the default conf file for userdir.
>>>
>>> /etc/httpd/conf.d/userdir.conf
>>>
>>> So I deleted Multiviews and now the error is:
>>>
>>> [Tue Dec 27 19:09:31.013176 2016] [autoindex:error] [pid 2138]
>>> (13)Permission denied: [client 192.168.160.12:55762] AH01275: Can't
>>> open directory for index: /home/rgm/public_html/family/
>>>
>>>
>>> ____
>> I know this is not going to help, but that error means that apache does
>> not have access to read the directory /home/rgm/public_html/family/.
>> That doesn't really fit with the rest of the evidence, that you have
>> chmod 755 everything from /home/rgm/public_html downwards and that
>> apache can read specific files from /home/rgm/public_html.
>> John
>> _______________________________________________
>> CentOS mailing list
>> CentOS at centos.org
>> https://lists.centos.org/mailman/listinfo/centos
> Here is a small test program that you can use to check the permissions.
>
> You can compile it with:
>
> cc -o test test.c
This is on Centos7-arm, so I will have to install all the build stuff,
and hopefully won't take too long to compile....
Tomorrow most likely.
>
> then run it with:
>
> ./test apache /home/rgm/public_html/family/
>
> where apache is the name of the user that your web server runs under
> (check it with ps -ef | grep http). You should run it as root (or from
> sudo).
>
> John
>
> ------test.c-------
>
> #include <pwd.h>
> #include <grp.h>
> #include <stdio.h>
> #include <stdlib.h>
> #include <unistd.h>
> #include <errno.h>
> #include <sys/types.h>
> #include <dirent.h>
>
> int
> main(int argc, char *argv[])
> {
>     struct passwd pwd;
>     struct passwd *result;
>     char *buf;
>     size_t bufsize;
>     int s;
>
>     if (argc != 3) {
>         fprintf(stderr, "Usage: %s username directory\n", argv[0]);
>         exit(EXIT_FAILURE);
>     }
>
>     bufsize = sysconf(_SC_GETPW_R_SIZE_MAX);
>     if (bufsize == (size_t) -1)   /* Value was indeterminate */
>         bufsize = 16384;          /* Should be more than enough */
>
>     buf = malloc(bufsize);
>     if (buf == NULL) {
>         perror("malloc");
>         exit(EXIT_FAILURE);
>     }
>
>     /* look up the uid and gid of the user named on the command line */
>     s = getpwnam_r(argv[1], &pwd, buf, bufsize, &result);
>     if (result == NULL) {
>         if (s == 0)
>             printf("Not found\n");
>         else {
>             errno = s;
>             perror("getpwnam_r");
>         }
>         exit(EXIT_FAILURE);
>     }
>
>     printf("Name: %s; UID: %ld GID: %ld\n", pwd.pw_gecos,
>            (long) pwd.pw_uid, (long) pwd.pw_gid);
>
>     /* process is running as root, drop privileges */
>
>     if (getuid() == 0) {
>         /* replace root's supplementary groups with the target user's,
>            otherwise the test still runs with membership of group root */
>         if (initgroups(pwd.pw_name, pwd.pw_gid) != 0) {
>             perror("initgroups: Unable to set supplementary groups");
>             exit(EXIT_FAILURE);
>         }
>         if (setgid(pwd.pw_gid) != 0) {
>             perror("setgid: Unable to drop group privileges");
>             exit(EXIT_FAILURE);
>         }
>         if (setuid(pwd.pw_uid) != 0) {
>             perror("setuid: Unable to drop user privileges");
>             exit(EXIT_FAILURE);
>         }
>         printf("dropped privileges\n");
>     } else {
>         errno = ENOTSUP;
>         perror("process is not running as root cannot change user");
>         exit(EXIT_FAILURE);
>     }
>
>     /* check privileges really dropped */
>
>     if (setuid(0) != -1) {
>         errno = ENOTSUP;
>         perror("ERROR: Managed to regain root privileges");
>         exit(EXIT_FAILURE);
>     }
>
>     /* open directory */
>
>     DIR *d;
>     printf("Attempting to open directory %s\n", argv[2]);
>     d = opendir(argv[2]);
>     if (d == NULL) {
>         perror("Error opening directory");
>         exit(EXIT_FAILURE);
>     } else {
>         printf("Success opening directory %s\n", argv[2]);
>     }
>     exit(EXIT_SUCCESS);
> }
>
>